Unrated severityNVD Advisory· Published Mar 14, 2011· Updated Jun 16, 2026
CVE-2011-0700
CVE-2011-0700
Description
Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.0.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (1) the Quick/Bulk Edit title (aka post title or post_title), (2) post_status, (3) comment_status, (4) ping_status, and (5) escaping of tags within the tags meta box.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*range: <=3.0.4
- (no CPE)range: <3.0.5
Patches
Vulnerability mechanics
References
16- codex.wordpress.org/Version_3.0.5nvdPatchVendor Advisory
- core.trac.wordpress.org/changeset/17397nvdPatchVendor Advisory
- core.trac.wordpress.org/changeset/17401nvdPatchVendor Advisory
- core.trac.wordpress.org/changeset/17406nvdPatchVendor Advisory
- core.trac.wordpress.org/changeset/17412nvdPatchVendor Advisory
- www.wordpress.org/news/2011/02/wordpress-3-0-5/nvdPatchVendor Advisory
- lists.fedoraproject.org/pipermail/package-announce/2011-March/056412.htmlnvdThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2011-March/056998.htmlnvdThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2011-March/057003.htmlnvdThird Party Advisory
- openwall.com/lists/oss-security/2011/02/08/7nvdMailing ListThird Party Advisory
- openwall.com/lists/oss-security/2011/02/09/13nvdMailing ListThird Party Advisory
- secunia.com/advisories/43729nvdThird Party Advisory
- www.debian.org/security/2011/dsa-2190nvdThird Party Advisory
- www.securityfocus.com/bid/46249nvdThird Party AdvisoryVDB Entry
- www.vupen.com/english/advisories/2011/0658nvdThird Party Advisory
- www.vupen.com/english/advisories/2011/0721nvdThird Party Advisory
News mentions
0No linked articles in our index yet.